While I believe this can be made to work from a technical angle, I'm very nervous about how well it will work in the real world because of the incentives it creates. We want validators to have a strong incentive to broaden their UNL to avoid a network split. In this scheme, each validator you add to your UNL costs you money, and there's a much greater risk that the set of validators will be a small group that refuses to listen to anyone outside the group and presents a "take it or leave it" choice to the outside world.
Understood. This may be needlessly long.TL;DR Summery: The KNL/UNL should optimally be the "non-anonymous" subset of non-malicious nodes.
See below for details. Especially the end where it mentions "fidelity bonds".
------
In my original "known-nodes-list" concept the KNL served more as a sanity check. If all your friends disappeared, you are probably forked (5b). Stop transacting and figure out where everyone went. Possibly even notify the HUMAN operator.
The role of UNL you describe, is actually handled by the validator "candidate set". That's where every time you add someone to the candidate set it splits the pie into smaller slices. Theoretically, it should have a set of well define rules that all other validators are required to follow. (i.e. 1) If they've been present, and 2) they are randomly chosen, and 3) their block validates, then 4a) everyone has to accept it.) <-- BitCoin style consensus.
So, if more people show up to validate you, theoretically, have to accept them. Those who don't accept a valid block are supposed to be presumed MALICIOUS (badly written 4b). The trouble of course is at the edges. What about transaction mismatches. Are those accidental (5c3-4) or malicious?. Certainly, if someone doesn't included a "slam-dunk" previously missed transaction (5c6) it should be considered malicious.
Assuming you want the mining rate to be relatively fixed, every node except the one that "mines" a block now has an incentive to prevent a consensus being reached on that block because that's one more reward it won't get rather than a chance at that reward. Bitcoin doesn't have this problem because every miner has a strong incentive to build on the longest chain. I'm not sure how you could replicate that in this scheme.
Here you are talking about the (4b) malicious node case. You are certainly right, my description is hand wavy on what to do about deliberately non-compliant nodes. Believe it or not I was attempting to SIMPLIFY the description. 
The set of non-malicious validating nodes is the "candidate set of validators" minus your personally known malicious nodes. (4b, 5c6) Your KNL/UNL should optimally be the "non-anonymous" subset of non-malicious nodes.
The set of anonymous validator nodes needs to be policed using a forfeitable fidelity bond. In this case a fidelity bond is a transaction that sends a predefined amount of a validator's coins to an output claimable by "ANYONE". No non-malicious node should allow anyone to claim those coins, except for three specific circumstances.
1) The sending validator can claim his own coins. This results in him taking himself out of the validator candidate set.
2) If the chosen validator (2) produces a non-validating or DoS block, the next-chosen non-anonymous validator can claim the FAILED validator's fidelity bond.
3) If a validator fails to come to consensus and "announce" within the next (Y) blocks, the next-chosen non-anonymous validator can claim his fidelity bond.
There is no automated mechanism to anonymously reclaim a lost fidelity bond. The bond can only be claimed by a human personally appealing to a human consensus of non-anonymous validators.